DOMApplicationRegistry.startDownload() fails to specify installOrigin to downloadPackage()

VERIFIED FIXED in Firefox 21

Status

defect
VERIFIED FIXED
7 years ago
2 years ago

People

(Reporter: myk, Assigned: myk)

Tracking

unspecified
mozilla21
Dependency tree / graph

Firefox Tracking Flags

(blocking-b2g:tef+, firefox19 wontfix, firefox20 wontfix, firefox21 fixed, b2g18 fixed, b2g18-v1.0.0 fixed)

Details

Attachments

(1 attachment)

Assignee

Description

7 years ago
DOMApplicationRegistry.startDownload() passes a literal object that does not specify an installOrigin property as the argument to the aApp parameter of the DOMApplicationRegistry.downloadPackage() function. <https://github.com/mozilla/mozilla-central/blob/54d68d7b8433c9b34a025d921e79e7a9830181e5/dom/apps/src/Webapps.jsm#L987-L991>

But downloadPackage() checks that aApp.installOrigin is in dom.mozApps.signed_apps_installable_from and throws INSTALL_FROM_DENIED if it isn't. <https://github.com/mozilla/mozilla-central/blob/54d68d7b8433c9b34a025d921e79e7a9830181e5/dom/apps/src/Webapps.jsm#L2110-L2131>

So preloaded packaged stub app updates fail with INSTALL_FROM_DENIED.  And presumably non-stub updates will also fail, as might non-preloaded updates (although I haven't tested these).

Note that I've only tested with B2G Desktop so far.  But the codepath in question does not appear to be desktop-specific, so this seems unlikely to be a desktop-specific bug.
Attachment #705074 - Flags: review?(fabrice)
blocking-b2g: --- → tef?
Assignee

Comment 1

7 years ago
s/as the argument/in the argument/
Comment on attachment 705074 [details] [diff] [review]
patch v1: defines installOrigin

Review of attachment 705074 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks Myk!
Attachment #705074 - Flags: review?(fabrice) → review+
You probably are going to want ask for approval on this patch...
Assignee

Comment 5

7 years ago
Comment on attachment 705074 [details] [diff] [review]
patch v1: defines installOrigin

[Approval Request Comment]
Bug caused by (feature/regressing bug #): unclear
User impact if declined: At least some (and possibly all) external (i.e. third-party) packaged app updates will fail to install, including preloaded apps and those installed by the user from Marketplace.
Testing completed: I tested with a preloaded packaged app stub on the latest nightly build of B2G Desktop.
Risk to taking this patch (and alternatives if risky): The fix is obvious and seems low-risk.  There is no alternative.
String or UUID changes made by this patch: None.
Attachment #705074 - Flags: approval-mozilla-b2g18?
https://hg.mozilla.org/mozilla-central/rev/b659cd43cc69
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
Assignee

Updated

7 years ago
Blocks: 833945
blocking-b2g: tef? → tef+
Assignee

Updated

7 years ago
Attachment #705074 - Flags: approval-mozilla-b2g18?
Whiteboard: [qa-]
Will verify by testing an app update with the stub.
Keywords: verifyme
Whiteboard: [qa-]
Assignee

Comment 9

7 years ago
FWIW, this bug might have broken all packaged app updates, so it's worth checking that an app installed from Marketplace can be updated to a new version of the app now that the fix has been applied.
QA Contact: jsmith
Landed on mozilla-b2g18/gaia master prior to the 1/25 branching to mozilla-b2g18_v1_0_0/v1.0.0, updating status-b2g-v1.0.0 to fixed.
Verified - app updates are working with packaged apps & I was successfully able to complete an update with the packaged app stub.
Status: RESOLVED → VERIFIED
Keywords: verifyme

Updated

2 years ago
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.